How to Use Command Injection to Pop a Reverse Shell on a Web Server

Command injection is a technique used by hackers to execute system commands on a server, usually via a web application or some kind of GUI. This can happen when an application provides some sort of functionality to the user involving the use of system commands. When the input is not properly sanitized, commands not originally intended to be run are allowed to be executed. Since the application basically acts as an impromptu shell of sorts, this type of attack can lead to disastrous consequences. Depending on the level of privilege the application has, an attacker can do anything, including... more

from WonderHowTo https://ift.tt/2zzlD59
via IFTTT